Fraudsters dupe chemical maker Orion out of $60 million

The carbon black maker Orion has been scammed out of $60 million in a wire transfer fraud scheme.

The company rooted out the fraud earlier this month, it disclosed in a filing with the US Securities and Exchange Commission. An employee, the filing says, “was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.”

Orion adds that it will record a pretax charge of $60 million if it can’t recover more of its misappropriated funds. Such a loss would be significant for Orion. In 2023, the company earned just over $100 million in profits on $1.9 billion in sales.

The company is cooperating with law enforcement and declines to comment further about the breach because of the ongoing investigation. But the scam bears the hallmarks of a business email compromise (BEC) attack, according to Selena Larson, a threat researcher at the cybersecurity consulting firm Proofpoint.

“It is common for a threat actor to pose as someone in a position of leadership—like a [chief financial officer], for example—to request large transfers of money,” Larson says in an email. “Part of the BEC scam is due to social engineering—fraudsters are very good at convincing someone that they are an important person, and their request is legitimate. In a way, it’s hacking someone’s brain, convincing them to make a bad decision when they otherwise wouldn’t, using language that implies urgency or danger.”

And the scams are lucrative. The US Federal Bureau of Investigation says it received 21,489 BEC complaints last year, representing total losses of more than $2.9 billion.